The Egyptian government purportedly implemented a kill switch on its citizens’ internet access at 12:30 am local time on Jan 27th.
This was done at multiple levels (DNS, BGP, firewalling) in order to ensure that demonstrators and protesters are unable to communicate with each other inside Egypt as well as with others outside Egypt.
1) Domain resolution: DNS servers used by Egyptian ISPs were brought down, so users cannot resolve domain names to IP addresses.
2) Inter-domain routing: Egyptian ISPs were instructed to withdraw all the BGP routes that they advertise to the rest of the Internet, so ISPs outside Egypt now have no way of reaching Egyptian ISPs’ IP addresses. Even users who can still resolve domain names to IP addresses, or who connect to a server directly by its IP address, would be thwarted by the lack of routing. More details on this here. There are reports that at least one of the Tier-1 ISPs in Egypt, namely Noor, is still announcing BGP routes.
3) Application layer filtering: At the same time, they seem to be filtering out all traffic headed from within Egypt to social networks such as Facebook, Twitter, etc. This covers the case where someone is able to connect to Facebook’s IP address directly and by some miracle has routing enabled between their ISP and the rest of the Internet: the connection would still be filtered at the application level!!
So how can someone inside Egypt still access the Internet? Or for that matter, how can citizens of any country rally around and forge together a solution to access the Internet when their government shuts it down?
The most likely solution revolves around some form of peer-to-peer internet routing, and likely involves using the anonymizing Tor routing in some fashion. However, would that really work?
Suppose users inside Egypt set up Tor routers on their machines, and when they have to post messages on Facebook or Twitter, they route their connections through other Tor routers, so their IP packets will always have as destination the IP address of another Tor router and not necessarily Facebook or Twitter. However, these packets will need at least one working network link that connects Egypt to the rest of the Internet (in this case that will have to be Noor). But can this still work?
Most likely not. At best it will be a best-effort service, prone to long latencies and TCP resets, because onion routing is currently not optimized to look for the best route out of a country. In other words, a lot of IP packets will get lost because they may not even know how to reach Noor.
Clearly, what is needed is disruption-tolerant routing at the application layer, so that Tor routers (which essentially form an application-layer overlay on top of actual IP routing) can obtain information from the IP routing layer and quickly figure out that there is only one way out of the country.
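A toy model of that last idea, as an added example that is not part of the original post and is not how Tor selects relays: an overlay that consults the set of still-announced BGP prefixes finds the one path out, while a routing-blind baseline that picks uniformly among known relays mostly misses it. The relay names, addresses (documentation ranges), domestic links and the prefix assigned to Noor are all constructed assumptions.

```python
import ipaddress
from collections import deque

# Constructed sample data (documentation address ranges, not real allocations).
# Prefixes still announced to the outside after the withdrawals; per the post,
# only Noor remains. The prefix-to-ISP mapping is hypothetical.
ANNOUNCED = {ipaddress.ip_network("203.0.113.0/24"): "Noor"}

# Hypothetical in-country overlay relays and the domestic links still working
# between them (assumption: some domestic connectivity survives).
RELAYS = {
    "r1": "192.0.2.10",     # on an ISP that withdrew its routes
    "r2": "198.51.100.20",  # on another withdrawn ISP
    "r3": "198.51.100.30",
    "r4": "203.0.113.40",   # on Noor
    "r5": "192.0.2.50",     # isolated: no working domestic links
}
LINKS = {"r1": ["r2"], "r2": ["r1", "r3"], "r3": ["r2", "r4"], "r4": ["r3"], "r5": []}

def egress_isp(ip):
    """Return the ISP whose announced prefix covers ip, or None if withdrawn."""
    addr = ipaddress.ip_address(ip)
    for net, isp in ANNOUNCED.items():
        if addr in net:
            return isp
    return None

def path_out(src):
    """BFS over live overlay links to the nearest relay with an external route."""
    seen, queue = {src}, deque([[src]])
    while queue:
        path = queue.popleft()
        if egress_isp(RELAYS[path[-1]]):
            return path
        for nxt in LINKS[path[-1]]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None  # partitioned: a disruption-tolerant overlay would store and retry

def blind_success_rate(src):
    """Share of uniform, routing-blind next-hop picks that land on an egress relay."""
    others = [r for r in RELAYS if r != src]
    return sum(1 for r in others if egress_isp(RELAYS[r])) / len(others)

if __name__ == "__main__":
    for r in RELAYS:
        print(r, path_out(r), blind_success_rate(r))
```

The `None` result for the isolated relay is the case where disruption tolerance matters: there is no path at that moment, so traffic has to be held until a link reappears rather than dropped.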